SePrivilegeCheck function (ntifs.h)
The SePrivilegeCheck routine determines whether a specified set of privileges is enabled in the subject's access token.
Syntax
BOOLEAN SePrivilegeCheck(
[in, out] PPRIVILEGE_SET RequiredPrivileges,
[in] PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext,
[in] KPROCESSOR_MODE AccessMode
);
Parameters
[in, out] RequiredPrivileges
Pointer to a PRIVILEGE_SET structure. The Privilege member of this structure is an array of LUID_AND_ATTRIBUTES structures. Before calling SePrivilegeCheck, use the Privilege array to indicate the set of privileges to check. Set the Control member to PRIVILEGE_SET_ALL_NECESSARY if all of the privileges must be enabled; or set it to zero if it is sufficient that any one of the privileges be enabled.
When SePrivilegeCheck returns, the Attributes member of each LUID_AND_ATTRIBUTES structure is set to SE_PRIVILEGE_USED_FOR_ACCESS if the corresponding privilege is enabled.
[in] SubjectSecurityContext
Pointer to the subject's captured security context.
[in] AccessMode
The access mode to use for the privilege check. Either UserMode or KernelMode. If AccessMode is set to KernelMode, then all privileges are marked as being possessed by the subject, and SePrivilegeCheck returns TRUE.
Return value
SePrivilegeCheck returns TRUE if all specified privileges are held by the subject, FALSE otherwise.
Remarks
An access token contains a list of the privileges held by the account associated with the token. These privileges can be enabled or disabled; most are disabled by default. SePrivilegeCheck checks only for enabled privileges. To get a list of all the enabled and disabled privileges held by an access token, call SeQueryInformationToken.
For more information about security and access control, see Windows security model for driver developers and the documentation on these topics in the Windows SDK.
Requirements
| Requirement | Value |
|---|---|
| Target Platform | Universal |
| Header | ntifs.h (include Ntifs.h) |
| Library | NtosKrnl.lib |
| DLL | NtosKrnl.exe |
| IRQL | PASSIVE_LEVEL |
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for